WoT: Security Breach - Free Gold!

"correcthorsebatterystaple" is the specific password used as an example in that XKCD comic I linked and as such is probably in every first tier cracking table in the world.
HTTPS isn't secure; you can easily defeat it using a "Man in the middle attack", and a lot of people reuse their passwords for their email etc., so if you reuse your passwords on other sites, reset those too so they can't use your email to reset your WoT pass too.
"very vulnerable to a dictionary attack" you should perhaps check your math again. "more vulnerable" yes, "VERY vulnerable"? Hardly.
http://xkcd.com/936/ The length of password is the most important part. The complexity of password doesn't matter :)
No you can't. That's what certificate signing is about.
Yes you can, and it's been shown to work during Black Hat DC 2009. Any hacker worth his salt knows SSL/HTTPS is basically broken and provides a false sense of security, so before spouting off I suggest you google some.
en.m.wikipedia.org/wiki/HTTP_S... The attack you describe only applies where the user doesn't pay attention on a server that doesn't use sts. SSL/https isn't broken, it's the initial connection that is the issue.
Nope, you can implement a MiTM at any time, even when the connection already has been made, through ARP spoofing. Even CAs acknowledge this. However, what is correct is that you're relying on the user not checking the cert for authenticity. See SSL strip / SSLsniff, Quakenet's posts on IRC over SSL and more.
Google Theregister - How is SSL hopelessly broken, Let us count the ways.

The Bad

In online activities, security breaches are an everyday occurrence. For the most part, we're at the mercy of the companies' security practices and some are better at dealing with these issues than others. Without getting into the security versus convenience argument or into too much detail on security, there has been an "incident" with account security concerning the North American World of Tanks server.

The Good

The good is that not much was compromised, which is to say financials appear to be secure. Password hashes and emails may be compromised for some players, though. A password hash isn't a password. However, it is only a matter of time and computing power to turn password hashes into actual passwords, so you'll want to change your account password as soon as possible and not change it back.

The great news is clearly that Wargaming takes this seriously and is offering a 300 gold bounty for taking your account security as seriously as they do. All you have to do is change your account password. This will invalidate the stolen password hash, so it is useless even if the perpetrators manage to decode it. WG has even made an event of it.

Bottom line is log in and change your password as soon as possible to cash in and to keep your account secure. I'm doing it right now.

Additional Notes

Given the nature of these breaches, there is no reason to expect WG.net to provide any additional detail as it would only encourage others to "test their security." No, "testing their security" isn't a good thing because it increases server load, so don't do it.

Having just updated my password using the link they provided, I found it quick and easy. Their site uses HTTPS, the secure HTTP protocol, so that's good. Their password strength meter judges which passwords are better based on complexity and length. Short passwords of random characters are much easier to crack and harder to remember than long passwords of anything except repeating characters. From a security standpoint, a four or five word phrase is easy for humans to remember but exceedingly difficult for computers to crack in computational terms, depending on the words.

That being said, please do not set your WoT password to "correcthorsebatterystaple".
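
To put numbers on the length-versus-complexity point above, here is an added sketch (not code from Wargaming or from this post) that estimates guessing work in bits under the cheapest of three attacker models: a published-phrase list, a word-combination attack, and character brute force. The 2048-word list size, the sample words, and the denylist are assumptions constructed for the example.

```python
import math
import string

# Constructed sample data (assumptions, not from the post).
WORDLIST_SIZE = 2048   # assumed size of the list the words are drawn from
SAMPLE_WORDS = {"correct", "horse", "battery", "staple",
                "tank", "gold", "plane", "river"}
KNOWN_PHRASES = {"correcthorsebatterystaple"}  # published examples

def charset_size(pw):
    """Alphabet size a brute-force attacker must cover for pw."""
    size = 0
    for chars, n in ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
                     (string.digits, 10), (string.punctuation, 32)):
        if any(c in chars for c in pw):
            size += n
    return max(size, len(set(pw)))  # fallback for characters outside ASCII

def split_words(pw, words=SAMPLE_WORDS):
    """Fewest dictionary words that concatenate to pw, or None."""
    pw = pw.lower()
    best = [None] * (len(pw) + 1)
    best[0] = []
    for j in range(1, len(pw) + 1):
        for i in range(j):
            if best[i] is not None and pw[i:j] in words:
                if best[j] is None or len(best[i]) + 1 < len(best[j]):
                    best[j] = best[i] + [pw[i:j]]
    return best[len(pw)]

def estimate_bits(pw):
    """Bits of guessing work under the cheapest attack model for pw."""
    if not pw or pw.lower() in KNOWN_PHRASES:
        return 0.0  # already in the attacker's first-pass list
    if len(set(pw)) == 1:
        # Repeating character: attacker only guesses the symbol and the length.
        return math.log2(charset_size(pw) * len(pw))
    brute = len(pw) * math.log2(charset_size(pw))
    words = split_words(pw)
    if words:
        # Word-combination attack: each word costs log2(list size) bits.
        return min(brute, len(words) * math.log2(WORDLIST_SIZE))
    return brute

if __name__ == "__main__":
    for pw in ("x7#Qp2", "tankgoldplaneriver", "aaaaaaaaaaaaaaaa",
               "correcthorsebatterystaple"):
        print(f"{pw!r}: {estimate_bits(pw):.1f} bits")
```

The four-word phrase scores by word count rather than by its 18 characters, which is why the result depends on the words being chosen at random from a large list.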
